<?php

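/**
 * Look up the who_can_do_what row for one user and one module.
 *
 * Both ids are validated as integers before they are placed in the SQL text,
 * so a non-numeric value cannot change the shape of the query. An invalid id
 * yields an empty array, which callers see as "no permission row" (fail closed).
 * Ids are treated as integers because other queries in this file compare
 * user_id and module_id unquoted.
 *
 * @param mixed $user_id   Integer id (or numeric string) of the user.
 * @param mixed $module_id Integer id (or numeric string) of the module.
 * @return array The last matching row as produced by mysqli_fetch_array(), or an empty array.
 */
function get_permission($user_id,$module_id){
    include(dirname(__FILE__) . '/../config.php');
    include_once(dirname(__FILE__) . '/../util.php');

    // mysql_real_escape_string() belongs to the removed ext/mysql and never
    // applied to this mysqli link; module_id was also concatenated unquoted,
    // where escaping gives no protection. Strict integer validation covers both.
    $user_id = filter_var($user_id, FILTER_VALIDATE_INT);
    $module_id = filter_var($module_id, FILTER_VALIDATE_INT);
    if ($user_id === false || $module_id === false) {
        return array();
    }

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection before the handle is used for anything else
    if (!$con) {
        // The driver message can name the DB host and account: log it, do not print it.
        error_log("get_permission: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $sql = "SELECT * FROM who_can_do_what where user_id=" . $user_id . " and module_id=" . $module_id;
    $result = mysqli_query($con, $sql);
    if (!$result) {
        // Keep the SQL text and server error out of the HTTP response.
        error_log("get_permission: query failed: " . mysqli_error($con));
        mysqli_close($con);
        die("Database query failed");
    }

    $contact = array();
    while ($row = mysqli_fetch_array($result)) {
        $contact = $row;
    }

    mysqli_close($con);
    return $contact;
}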

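/**
 * Insert a who_can_do_what row built from $post; if the row's key already
 * exists, only user_id is re-assigned (ON DUPLICATE KEY UPDATE).
 *
 * Every key of $post except 'go' becomes a column and every value is bound as
 * a statement parameter. Column names cannot be bound, so they are restricted
 * to [A-Za-z0-9_]; any other key aborts the call without touching the table.
 *
 * NOTE(review): the function performs no authorization check and accepts any
 * column name that matches the pattern. If callers pass request data straight
 * through, an explicit allow-list of columns should be applied first.
 *
 * @param array $post Column => value map; must contain 'user_id'.
 * @return void
 */
function insert_user_acl($post) {
    require('../config.php');
    //require('../util.php');

    if (!is_array($post) || !isset($post['user_id']) || is_array($post['user_id']) || is_object($post['user_id'])) {
        error_log("insert_user_acl: missing or malformed user_id");
        return;
    }

    $columns = array();
    $params = array();
    foreach ($post as $column_name => $value) {
        $column_name = (string) $column_name;
        if ($column_name === 'go') {
            continue;
        }
        // \A...\z instead of ^...$ so a trailing newline cannot slip through.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $column_name) || is_array($value) || is_object($value)) {
            error_log("insert_user_acl: rejected field name or value");
            return;
        }
        $value = trim((string) $value);
        if ($column_name === 'pass') {
            // Kept from the original; hashes the trimmed value itself rather than an escaped copy.
            $value = sha1($value);
        }
        $columns[] = "`{$column_name}`";
        $params[] = $value;
    }

    $placeholders = implode(",", array_fill(0, count($columns), "?"));
    $query = "INSERT INTO who_can_do_what (" . implode(",", $columns) . ") VALUES (" . $placeholders . ") ON DUPLICATE KEY UPDATE user_id=?";
    // The ON DUPLICATE KEY value used to be concatenated raw; it is bound like the rest.
    $params[] = trim((string) $post['user_id']);

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection
    if (!$con) {
        error_log("insert_user_acl: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, $query);
    if ($stmt) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $bind = array($stmt, str_repeat("s", count($params)));
        foreach ($params as $i => $ignored) {
            $bind[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bind);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("insert_user_acl: insert failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("insert_user_acl: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}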

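/**
 * Report whether the user stored in the session has the 'admin' role.
 *
 * Reads $_SESSION['id'] and loads that user through get_user_detail(). The
 * session must already have been started by the caller. Any case in which the
 * role cannot be established (no session id, no such user, no role column)
 * returns 0, so the check fails closed.
 *
 * @return int 1 for an admin, 0 otherwise.
 */
function is_admin() {
    if (!isset($_SESSION['id'])) {
        return 0;
    }

    $user = get_user_detail($_SESSION['id']);

    // A deleted or unknown user yields an empty array; reading ['role'] from it
    // raised a notice. The comparison is strict because this is an
    // authorization decision and loose == can match unintended types.
    if (is_array($user) && isset($user['role']) && $user['role'] === 'admin') {
        return 1;
    }
    return 0;
}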

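/**
 * Load a row of the user table by username.
 *
 * The name is escaped with the escaper that belongs to the mysqli link and
 * only after the connection charset has been set, which the escaper depends
 * on. A prepared statement would be the preferred form, but reading
 * "SELECT *" rows from one needs mysqli_stmt_get_result(), which exists only
 * with the mysqlnd driver.
 *
 * @param mixed $name Username to look up.
 * @return array The last matching row as produced by mysqli_fetch_array(), or an empty array.
 */
function get_user_detail_by_name($name) {

    include(dirname(__FILE__) . '/../config.php');
    include_once(dirname(__FILE__) . '/../util.php');

    // Arrays/objects (e.g. a name[]=x request parameter) are not usernames.
    if (is_array($name) || is_object($name)) {
        return array();
    }

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection before the handle is used
    if (!$con) {
        error_log("get_user_detail_by_name: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    // mysql_real_escape_string() (removed ext/mysql) never applied to this link.
    $name = mysqli_real_escape_string($con, (string) $name);
    $sql = "SELECT * FROM user where username='" . $name . "'";

    $result = mysqli_query($con, $sql);
    if (!$result) {
        // Keep the SQL text and server error out of the HTTP response.
        error_log("get_user_detail_by_name: query failed: " . mysqli_error($con));
        mysqli_close($con);
        die("Database query failed");
    }

    $contact = array();
    while ($row = mysqli_fetch_array($result)) {
        $contact = $row;
    }

    // Close before returning; the original close sat after the return and never ran.
    mysqli_close($con);
    return $contact;
}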

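/**
 * Load a row of the user table by its id.
 *
 * The id is validated as an integer before it is placed in the SQL text; the
 * original concatenated it unquoted, where string escaping offers no
 * protection. A non-integer id returns an empty array.
 *
 * @param mixed $id Integer id (or numeric string) of the user.
 * @return array The last matching row as produced by mysqli_fetch_array(), or an empty array.
 */
function get_user_detail($id) {
    include(dirname(__FILE__) . '/../config.php');
    include_once(dirname(__FILE__) . '/../util.php');

    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return array();
    }

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection before the handle is used
    if (!$con) {
        error_log("get_user_detail: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $sql = "SELECT * FROM user where id=" . $id;
    $result = mysqli_query($con, $sql);
    if (!$result) {
        // Keep the SQL text and server error out of the HTTP response.
        error_log("get_user_detail: query failed: " . mysqli_error($con));
        mysqli_close($con);
        die("Database query failed");
    }

    $contact = array();
    while ($row = mysqli_fetch_array($result)) {
        $contact = $row;
    }

    // Close before returning; the original close sat after the return and never ran.
    mysqli_close($con);
    return $contact;
}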

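/**
 * List rows of the user table whose role is 'normal', optionally limited to given ids.
 *
 * Each element of $ids is validated as an integer before it enters the
 * IN (...) list; elements that are not integers are dropped. If a filter was
 * requested and no valid id remains, the result is an empty array.
 *
 * @param array|null $ids Optional list of user ids; null or an empty array means no id filter.
 * @return array List of rows as produced by mysqli_fetch_array().
 */
function get_all_normal_users($ids = null) {
    require('../config.php');

    $sql = "SELECT * FROM user where role='normal' ";
    if (is_array($ids) && count($ids) > 0) {
        $clean_ids = array();
        foreach ($ids as $candidate) {
            $candidate = filter_var($candidate, FILTER_VALIDATE_INT);
            if ($candidate !== false) {
                $clean_ids[] = $candidate;
            }
        }
        if (count($clean_ids) === 0) {
            // Nothing valid to match: do not fall back to the unfiltered query.
            return array();
        }
        $sql.=' AND id in (' . implode(",", $clean_ids) . ')';
    }

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection before the handle is used
    if (!$con) {
        error_log("get_all_normal_users: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $result = mysqli_query($con, $sql);
    if (!$result) {
        // Keep the SQL text and server error out of the HTTP response.
        error_log("get_all_normal_users: query failed: " . mysqli_error($con));
        mysqli_close($con);
        die("Database query failed");
    }

    $contacts = array();
    while ($row = mysqli_fetch_array($result)) {
        $contacts[] = $row;
    }
    mysqli_close($con);
    return $contacts;
}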

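/**
 * List rows of the user table, optionally limited to given ids.
 *
 * Each element of $ids is validated as an integer before it enters the
 * IN (...) list; elements that are not integers are dropped. If a filter was
 * requested and no valid id remains, the result is an empty array.
 *
 * @param array|null $ids Optional list of user ids; null or an empty array means no id filter.
 * @return array List of rows as produced by mysqli_fetch_array().
 */
function get_all_users($ids = null) {
    require('../config.php');

    $sql = "SELECT * FROM user where 1";
    if (is_array($ids) && count($ids) > 0) {
        $clean_ids = array();
        foreach ($ids as $candidate) {
            $candidate = filter_var($candidate, FILTER_VALIDATE_INT);
            if ($candidate !== false) {
                $clean_ids[] = $candidate;
            }
        }
        if (count($clean_ids) === 0) {
            // Nothing valid to match: do not fall back to the unfiltered query.
            return array();
        }
        $sql.=' AND id in (' . implode(",", $clean_ids) . ')';
    }

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection before the handle is used
    if (!$con) {
        error_log("get_all_users: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $result = mysqli_query($con, $sql);
    if (!$result) {
        // Keep the SQL text and server error out of the HTTP response.
        error_log("get_all_users: query failed: " . mysqli_error($con));
        mysqli_close($con);
        die("Database query failed");
    }

    $contacts = array();
    while ($row = mysqli_fetch_array($result)) {
        $contacts[] = $row;
    }
    mysqli_close($con);
    return $contacts;
}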

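/**
 * Insert a row into the user table from a column => value map.
 *
 * Every key of $post except 'go' becomes a column and every value is bound as
 * a statement parameter. Column names cannot be bound, so they are restricted
 * to [A-Za-z0-9_]; any other key aborts the call without touching the table.
 *
 * NOTE(review): no authorization check happens here and any column matching
 * the pattern is accepted, including `role`. If callers pass request data
 * straight through, apply an allow-list of columns first.
 * NOTE(review): 'pass' is stored as unsalted SHA-1, which is too fast for
 * password storage. Moving to password_hash()/password_verify() needs a
 * matching change in the login check, which is not part of this function.
 *
 * @param array $post Column => value map.
 * @return void
 */
function add_user($post) {
    require('../config.php');
    //require('../util.php');

    if (!is_array($post)) {
        error_log("add_user: expected an array of fields");
        return;
    }

    $columns = array();
    $params = array();
    foreach ($post as $column_name => $value) {
        $column_name = (string) $column_name;
        if ($column_name === 'go') {
            continue;
        }
        // \A...\z instead of ^...$ so a trailing newline cannot slip through.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $column_name) || is_array($value) || is_object($value)) {
            error_log("add_user: rejected field name or value");
            return;
        }
        $value = trim((string) $value);
        if ($column_name === 'pass') {
            // Hash the trimmed password itself; the original hashed an SQL-escaped copy,
            // which gives a different digest for passwords containing quotes or backslashes.
            $value = sha1($value);
        }
        $columns[] = "`{$column_name}`";
        $params[] = $value;
    }
    if (count($columns) === 0) {
        return;
    }

    $placeholders = implode(",", array_fill(0, count($columns), "?"));
    $query = "INSERT INTO user (" . implode(",", $columns) . ") VALUES (" . $placeholders . ");";

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection
    if (!$con) {
        error_log("add_user: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, $query);
    if ($stmt) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $bind = array($stmt, str_repeat("s", count($params)));
        foreach ($params as $i => $ignored) {
            $bind[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bind);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("add_user: insert failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("add_user: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}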

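/**
 * Update the who_can_do_what row identified by $post['user_id'] and $post['module_id'].
 *
 * Every key of $post except 'go' is written as a column with its value bound
 * as a statement parameter. Column names are restricted to [A-Za-z0-9_]. The
 * two ids in the WHERE clause were concatenated raw; they are now validated
 * as integers and bound. Malformed input aborts the call without any write.
 *
 * NOTE(review): no authorization check happens here; callers must ensure the
 * current user is allowed to change access-control rows.
 *
 * @param array $post Column => value map; must contain integer 'user_id' and 'module_id'.
 * @return void
 */
function update_user_acl($post) {
    include(dirname(__FILE__) . '/../config.php');
    include_once(dirname(__FILE__) . '/../util.php');

    $user_id = (is_array($post) && isset($post['user_id'])) ? filter_var($post['user_id'], FILTER_VALIDATE_INT) : false;
    $module_id = (is_array($post) && isset($post['module_id'])) ? filter_var($post['module_id'], FILTER_VALIDATE_INT) : false;
    if ($user_id === false || $module_id === false) {
        error_log("update_user_acl: missing or non-integer user_id/module_id");
        return;
    }

    $assignments = array();
    $params = array();
    foreach ($post as $column_name => $value) {
        $column_name = (string) $column_name;
        if ($column_name === 'go') {
            continue;
        }
        // \A...\z instead of ^...$ so a trailing newline cannot slip through.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $column_name) || is_array($value) || is_object($value)) {
            error_log("update_user_acl: rejected field name or value");
            return;
        }
        $assignments[] = "`{$column_name}` = ?";
        $params[] = trim((string) $value);
    }

    // Joining with commas replaces the dummy trailing `user_id`=... assignment
    // the original used to absorb the last comma.
    $query = 'Update who_can_do_what SET ' . implode(', ', $assignments) . ' Where user_id = ? AND module_id = ?';
    $types = str_repeat('s', count($params)) . 'ii';
    $params[] = $user_id;
    $params[] = $module_id;

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection
    if (!$con) {
        error_log("update_user_acl: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, $query);
    if ($stmt) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $bind = array($stmt, $types);
        foreach ($params as $i => $ignored) {
            $bind[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bind);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("update_user_acl: update failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("update_user_acl: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}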

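/**
 * Update the user row identified by $post['id'].
 *
 * Every key of $post except 'go' is written as a column with its value bound
 * as a statement parameter. Column names are restricted to [A-Za-z0-9_]. A
 * non-empty 'pass' is hashed by MySQL's SHA() as before; an empty 'pass'
 * leaves the stored password untouched. The id in the WHERE clause is
 * validated as an integer and bound. Malformed input aborts without a write.
 *
 * NOTE(review): no authorization check happens here and any column matching
 * the pattern is accepted, including `role` and `id`. If callers pass request
 * data straight through, apply an allow-list of columns and confirm that the
 * current user may edit the target row.
 * NOTE(review): SHA() is unsalted SHA-1, which is too fast for password
 * storage. Moving to password_hash()/password_verify() needs a matching
 * change in the login check, which is not part of this function.
 *
 * @param array $post Column => value map; must contain an integer 'id'.
 * @return void
 */
function update_user($post) {
    include(dirname(__FILE__) . '/../config.php');
    include_once(dirname(__FILE__) . '/../util.php');

    $id = (is_array($post) && isset($post['id'])) ? filter_var($post['id'], FILTER_VALIDATE_INT) : false;
    if ($id === false) {
        error_log("update_user: missing or non-integer id");
        return;
    }

    $assignments = array();
    $params = array();
    foreach ($post as $column_name => $value) {
        $column_name = (string) $column_name;
        if ($column_name === 'go') {
            continue;
        }
        // \A...\z instead of ^...$ so a trailing newline cannot slip through.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $column_name) || is_array($value) || is_object($value)) {
            error_log("update_user: rejected field name or value");
            return;
        }
        $value = trim((string) $value);
        if ($column_name === 'pass') {
            if ($value === '') {
                // Blank password field means "keep the current password".
                continue;
            }
            $assignments[] = "`pass` = SHA(?)";
        } else {
            $assignments[] = "`{$column_name}` = ?";
        }
        $params[] = $value;
    }
    if (count($assignments) === 0) {
        return;
    }

    // Joining with commas replaces the dummy trailing `id`=... assignment the
    // original used to absorb the last comma.
    $query = 'Update user SET ' . implode(', ', $assignments) . ' Where id = ?';
    $types = str_repeat('s', count($params)) . 'i';
    $params[] = $id;

    $con = mysqli_connect($host, $user, $pass, $db);
    // Check connection
    if (!$con) {
        error_log("update_user: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, $query);
    if ($stmt) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $bind = array($stmt, $types);
        foreach ($params as $i => $ignored) {
            $bind[] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bind);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("update_user: update failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("update_user: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}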

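/**
 * Delete every who_can_do_what row that belongs to one user.
 *
 * The id is validated as an integer and bound as a statement parameter. The
 * original concatenated it unquoted into a DELETE, where string escaping gives
 * no protection against an added condition. A non-integer id deletes nothing.
 *
 * NOTE(review): no authorization check happens here; callers must ensure the
 * current user is allowed to remove access-control rows.
 *
 * @param mixed $id Integer id (or numeric string) of the user.
 * @return void
 */
function delete_user_acl($id) {
    require('../config.php');

    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        error_log("delete_user_acl: non-integer id rejected");
        return;
    }

    $con = mysqli_connect($host, $user, $pass, $db);

    // Check connection
    if (!$con) {
        error_log("delete_user_acl: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, 'DELETE FROM who_can_do_what WHERE user_id = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("delete_user_acl: delete failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("delete_user_acl: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}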

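/**
 * Delete one row of the user table by id.
 *
 * The id is validated as an integer and bound as a statement parameter. The
 * original concatenated it unquoted into a DELETE, where string escaping gives
 * no protection against an added condition. A non-integer id deletes nothing.
 *
 * NOTE(review): no authorization check happens here; callers must ensure the
 * current user is allowed to delete accounts.
 *
 * @param mixed $id Integer id (or numeric string) of the user.
 * @return void
 */
function delete_user($id) {
    require('../config.php');

    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        error_log("delete_user: non-integer id rejected");
        return;
    }

    $con = mysqli_connect($host, $user, $pass, $db);

    // Check connection
    if (!$con) {
        error_log("delete_user: MySQL connect failed: " . mysqli_connect_error());
        die("Failed to connect to MySQL");
    }
    mysqli_set_charset($con, "utf8");

    $stmt = mysqli_prepare($con, 'DELETE FROM user WHERE id = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'i', $id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("delete_user: delete failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("delete_user: prepare failed: " . mysqli_error($con));
    }
    mysqli_close($con);
}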

/**
 * Placeholder: the body is empty, so calling it has no effect and yields null.
 *
 * @param mixed $user_id Accepted but not used.
 * @return void
 */
function display_menu_for_user($user_id = null) {
    // Intentionally empty.
    return;
}

?>